osixia / docker-openldap

OpenLDAP container image 🐳🌴
MIT License

File import is broken #538

Open EthicsGradient opened 3 years ago

EthicsGradient commented 3 years ago

Hi, trying to create a container fails with this error. The ldif file works if you copy it to root and then run ldapadd manually after logging in.

***  INFO   | 2021-02-22 14:18:59 | Search service in CONTAINER_SERVICE_DIR = /container/service :
***  INFO   | 2021-02-22 14:18:59 | link /container/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools
***  INFO   | 2021-02-22 14:18:59 | link /container/service/slapd/startup.sh to /container/run/startup/slapd
***  INFO   | 2021-02-22 14:18:59 | link /container/service/slapd/process.sh to /container/run/process/slapd/run
***  INFO   | 2021-02-22 14:18:59 | Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.yaml
/container/environment/99-default/default.startup.yaml

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
***  INFO   | 2021-02-22 14:18:59 | Running /container/run/startup/:ssl-tools...
***  INFO   | 2021-02-22 14:18:59 | Running /container/run/startup/slapd...
***  INFO   | 2021-02-22 14:18:59 | openldap user and group adjustments
***  INFO   | 2021-02-22 14:18:59 | get current openldap uid/gid info inside container
***  INFO   | 2021-02-22 14:18:59 | -------------------------------------
***  INFO   | 2021-02-22 14:18:59 | openldap GID/UID
***  INFO   | 2021-02-22 14:18:59 | -------------------------------------
***  INFO   | 2021-02-22 14:18:59 | User uid: 911
***  INFO   | 2021-02-22 14:18:59 | User gid: 911
***  INFO   | 2021-02-22 14:18:59 | uid/gid changed: false
***  INFO   | 2021-02-22 14:18:59 | -------------------------------------
***  INFO   | 2021-02-22 14:18:59 | updating file uid/gid ownership
***  INFO   | 2021-02-22 14:19:00 | Database and config directory are empty...
***  INFO   | 2021-02-22 14:19:00 | Init new ldap server...
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.57+dfsg-1~bpo10+1... done.
  Creating initial configuration... done.
  Creating LDAP directory... done.
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of restart.
***  INFO   | 2021-02-22 14:19:01 | Start OpenLDAP...
***  INFO   | 2021-02-22 14:19:01 | Waiting for OpenLDAP to start...
***  INFO   | 2021-02-22 14:19:01 | Add bootstrap schemas...
config file testing succeeded
***  INFO   | 2021-02-22 14:19:02 | Add image bootstrap ldif...
***  INFO   | 2021-02-22 14:19:02 | Add custom bootstrap ldif...
***  ERROR  | 2021-02-22 14:19:02 | /container/run/startup/slapd failed with status 68

***  INFO   | 2021-02-22 14:19:02 | Killing all processes...

The build file is:

FROM osixia/openldap:latest

RUN mkdir -p /container/service/slapd/assets/config/bootstrap/ldif/custom
COPY ./pix_Db_final.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/pix_Db_final.ldif

The ldif file is:

dn: ou=Group,dc=test,dc=org,dc=uk
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: Group

dn: ou=People,dc=test,dc=org,dc=uk
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: People

dn: cn=mainuser,ou=People,dc=test,dc=org,dc=uk
changetype: add
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
gidNumber: 0
uid: mainuser
homeDirectory: /home/mainuser
sn: user
givenName: mainuser
displayName: mainuser
cn: mainuser
uidNumber: 25065
userPassword: {SHA}K9ZODEiZMJE5Lpu93I4vv+wdpMk=
mail:mainuser@gmail.com
dn: cn=usergeneric,ou=People,dc=test,dc=org,dc=uk
changetype: add
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
gidNumber: 0
givenName: generic
sn: user
uid: usergeneric
homeDirectory: /home/usergeneric
uidNumber: 59035
userPassword: {SHA}SCmHw2etfEYO/GkT2cLUHMlkUVw=
cn: usergeneric
mail: usergeneric@gmail.com

dn: cn=Admins,ou=Group,dc=test,dc=org,dc=uk
changetype: add
objectClass: groupOfUniqueNames
uniqueMember: cn=mainuser,ou=People,dc=test,dc=org,dc=uk
cn: Admins

dn: cn=Users,ou=Group,dc=test,dc=org,dc=uk
objectClass: groupOfUniqueNames
uniqueMember: cn=mainuser,ou=People,dc=test,dc=org,dc=uk
uniqueMember: cn=usergeneric,ou=People,,dc=test,dc=org,dc=uk
cn: Users

koelle25 commented 3 years ago

Hi,

your LDIF seems to be invalid. There is a missing newline between your dn: cn=mainuser,ou=People,dc=test,dc=org,dc=uk and the dn: cn=usergeneric,ou=People,dc=test,dc=org,dc=uk entries.

Also, I think there has to be a space between the attribute and the value in mail:mainuser@gmail.com of your cn=mainuser entry.

If that doesn't solve it, also try the --log-level debug option, see here.
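A short offline check saves a container restart cycle for each of these mistakes, since the startup script only reports "failed with status N". The linter below is an added example written for this thread; it is not code from osixia/docker-openldap or from any participant. It implements the RFC 2849 record rules behind koelle25's two findings (records separated by a blank line, a space between "attr:" and its value) and also flags a "dn:" that is not the first line of its record, an empty RDN component such as the "ou=People,,dc=test" in the cn=Users record above (which the thread did not catch), and a file that mixes records with and without changetype, which ldapmodify would treat as modify operations on entries that do not exist yet. The embedded sample LDIF is constructed to reproduce the posted file's defects; the _DN_ATTRS set of DN-valued attributes and the file-path argument are my own choices.

```python
"""Offline LDIF lint (added example, not osixia/docker-openldap code)."""
import re
import sys
from typing import Dict, List, Tuple

# "attr: value", "attr:: base64", "attr:< url"; "attr:" alone is an empty value.
_NAME = r'([A-Za-z][\w.-]*(?:;[\w-]+)*)'   # options like userCertificate;binary
_ATTR_RE = re.compile(r'^' + _NAME + r'(::?|:<)(?:\s(.*))?$')
_ATTR_NOSPACE_RE = re.compile(r'^' + _NAME + r'(::?|:<)(\S.*)$')  # "mail:x"
_DN_ATTRS = {'dn', 'member', 'uniquemember', 'owner', 'seealso', 'manager'}  # own choice


def split_records(text: str) -> List[List[Tuple[int, str]]]:
    """Records of (lineno, line): a blank line ends a record, '#' is a comment,
    a leading space folds the line into the previous one (RFC 2849)."""
    records, current = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.startswith('#') or (not records and not current and raw.startswith('version:')):
            continue
        if raw.strip() == '':
            if current:
                records.append(current)
                current = []
        elif raw.startswith(' ') and current:
            current[-1] = (current[-1][0], current[-1][1] + raw[1:])
        else:
            current.append((lineno, raw))
    if current:
        records.append(current)
    return records


def check_dn(dn: str) -> List[str]:
    """Every RDN (split on unescaped commas) must be non-empty and contain '='."""
    if dn.strip() == '':
        return []                                      # empty DN (root DSE) is legal
    return [f'bad RDN {rdn!r} in DN {dn!r}' for rdn in re.split(r'(?<!\\),', dn)
            if rdn.strip() == '' or '=' not in rdn]


def lint_ldif(text: str) -> List[str]:
    """Return human-readable findings; an empty list means the file is clean."""
    findings: List[str] = []
    has_changetype: Dict[int, bool] = {}               # record start line -> flag
    for record in split_records(text):
        start = record[0][0]
        has_changetype[start] = False
        dn_seen = False
        for lineno, line in record:
            m = _ATTR_RE.match(line)
            if m:
                name, sep, value = m.group(1), m.group(2), m.group(3) or ''
            elif _ATTR_NOSPACE_RE.match(line):
                name, sep, value = _ATTR_NOSPACE_RE.match(line).groups()
                findings.append(f'line {lineno}: missing space after "{name}{sep}"')
            else:
                findings.append(f'line {lineno}: not an "attr: value" line: {line!r}')
                continue
            lname = name.lower()
            if lname == 'dn':
                dn_seen = True
                if lineno != start:
                    findings.append(f'line {lineno}: "dn:" is not the first line of its record (starts at line {start}); missing blank line?')
            elif lname == 'changetype':
                has_changetype[start] = True
            if lname in _DN_ATTRS and sep == ':':          # base64/URL values not parsed
                findings.extend(f'line {lineno}: {p}' for p in check_dn(value))
        if not dn_seen:
            findings.append(f'record at line {start}: no "dn:" line')
    # Mixed files are a trap: ldapmodify treats a record without changetype as a modify.
    if any(has_changetype.values()) and not all(has_changetype.values()):
        for start, flag in has_changetype.items():
            if not flag:
                findings.append(f'record at line {start}: no changetype while other records have one (ldapmodify would treat it as a modify)')
    return findings


# Constructed sample reproducing the defects of the LDIF posted in this issue.
SAMPLE_LDIF = """dn: cn=mainuser,ou=People,dc=test,dc=org,dc=uk
changetype: add
objectClass: inetOrgPerson
cn: mainuser
mail:mainuser@gmail.com
dn: cn=usergeneric,ou=People,dc=test,dc=org,dc=uk
changetype: add
objectClass: inetOrgPerson
cn: usergeneric

dn: cn=Users,ou=Group,dc=test,dc=org,dc=uk
objectClass: groupOfUniqueNames
uniqueMember: cn=usergeneric,ou=People,,dc=test,dc=org,dc=uk
cn: Users
"""

if __name__ == '__main__':
    problems = lint_ldif(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LDIF)
    print('\n'.join(problems) or 'no problems found')
    sys.exit(1 if problems else 0)
```

Run it with the LDIF path as its only argument (python ldif_lint.py pix_Db_final.ldif); it exits non-zero when anything is found, so it fits as a pre-build step in front of the Dockerfile above. It only checks syntax: objectClass violations, unknown attributes and a base DN that does not match the container's LDAP_BASE_DN are reported by slapd, not by this script.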

welrbraga commented 3 years ago

Same here.

I've booted up a clean openldap with this container and added some Organizational Units, Posix Groups and Users using phpldapadmin.

Saved two dumps of this database. One with a "slapcat dump" and the other with an "ldapsearch dump".

Both failed to be added in a new attempt to use a clean container that should restore one of these dumps.

After that I tried removing my top object class and apparently succeeded in importing it, but got a new failure where the custom dir is busy, and on another try another message that the file tls-enable.ldif is not readable.

openldap_1  | ***  INFO   | 2021-06-12 19:08:14 | Add image bootstrap ldif...
openldap_1  | ***  INFO   | 2021-06-12 19:08:14 | Add custom bootstrap ldif...
openldap_1  | ***  INFO   | 2021-06-12 19:08:14 | Add TLS config...
openldap_1  | ***  INFO   | 2021-06-12 19:08:14 | Disable replication config...
openldap_1  | ***  INFO   | 2021-06-12 19:08:14 | Stop OpenLDAP...
openldap_1  | ***  INFO   | 2021-06-12 19:08:14 | Configure ldap client TLS configuration...
openldap_1  | ***  INFO   | 2021-06-12 19:08:14 | Remove config files...
openldap_1  | rm: cannot remove '/container/service/slapd/assets/config/bootstrap/ldif/custom': Device or resource busy
openldap_1  | ***  ERROR  | 2021-06-12 19:08:14 | /container/run/startup/slapd failed with status 1
openldap_1  | 
openldap_1  | ***  INFO   | 2021-06-12 19:08:14 | Killing all processes...
openldap_openldap_1 exited with code 1

On another try, just running "docker-compose up" again, the message changed to tls-enable.ldif not readable:

openldap_1  | ***  INFO   | 2021-06-12 19:08:46 | Start OpenLDAP...
openldap_1  | ***  INFO   | 2021-06-12 19:08:46 | Waiting for OpenLDAP to start...
openldap_1  | ***  INFO   | 2021-06-12 19:08:46 | Add TLS config...
openldap_1  | sed: can't read /container/service/slapd/assets/config/tls/tls-enable.ldif: No such file or directory
openldap_1  | ***  ERROR  | 2021-06-12 19:08:46 | /container/run/startup/slapd failed with status 2
openldap_1  | 
openldap_1  | ***  INFO   | 2021-06-12 19:08:46 | Killing all processes...
openldap_openldap_1 exited with code 1

jrk-irt commented 2 years ago

Had various errors trying to use directory or file volumes for the bootstrap ldif, including the "device or resource busy" for copy or rename. Got past this issue by mounting the bootstrap directory to "/tmp/ldif" and using LDAP_SEED_INTERNAL_LDIF_PATH. For example:

version: '2'
services:
   openldap:
      ...
      environment:
         LDAP_SEED_INTERNAL_LDIF_PATH: "/tmp/ldif"
         ...
      volumes:
         - ./data/ldif:/tmp/ldif

Edit: On subsequent runs, this still occasionally fails with a:

Copy from internal path /tmp/ldif to /container/run/service/slapd/assets/config/bootstrap/ldif/custom
cp: cannot create directory '/container/run/service/slapd/assets/config/bootstrap/ldif/custom': No such file or directory

koelle25 commented 2 years ago

@jrk-irt Did you try the --copy-service command?

Seed ldap database with ldif:

Since startup script modifies ldif files, you must add --copy-service argument to entrypoint if you don't want to overwrite them.

Fix docker mounted file problems:

You may have some problems with mounted files on some systems. The startup script tries to make some file adjustments and fix file owner and permissions; this can result in multiple errors.

This would also apply to read-only mounts. So try to use e.g.:

version: '2'
services:
   openldap:
      image: osixia/openldap
      command: --copy-service
      volumes:
         - ./data/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom:ro

jrk-irt commented 2 years ago

@jrk-irt Did you try the --copy-service command?

Yes, I'm also running with that option and it does help. However, subsequent startups fail.

However, it does work if a docker-compose down is issued before bringing it back up, so I looked in the container after initial startup. The /container/run/service/slapd/assets/config directory no longer exists. The next time the system starts using the same container, and attempts to copy the bootstrap file to /container/run/service/slapd/assets/config/bootstrap/ldif/custom, it fails.

jhssilva commented 6 months ago

I'm still facing the same issue. Is there any fix for this?